CVE-2007-6731
published 2009-09-13

Priority: P356 | Severity: critical | CVSS 2.0 score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 14.07% (96.1th percentile)

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

Affected

10 ranges
Vendor | Product | Version range | Fixed in
claudio_matsuoka | extended_module_player | <= 2.5.1 |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
claudio_matsuoka | extended_module_player | |
debian | xmp | < xmp 2.6.1-1 (bookworm) | xmp 2.6.1-1 (bookworm)

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
osv | | 10.0 | CRITICAL |
vendor_debian | | 10.0 | LOW |
vendor_redhat | | 10.0 | CRITICAL |